https://blog.torproject.org/blog/tor-02234-released-security-patches Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.
Created tor tracking bugs for this issue Affects: fedora-all [bug 771512] Affects: epel-all [bug 771513]
Current EPEL and Fedora provide 0.2.3.25 which includes this fix.